The present invention relates primarily to authentication devices for authenticating for example a smart card or a similar device based on a secret key. The invention relates particularly to protecting a secret key against attempts by an attacker to find out the secret key. Secret keys are used in authentication operations for example with smart cards, each smart card having an individual secret key for confirming its identity. The present invention is not, however, restricted only to smart cards, but the solution of the invention can be utilized also in other situations requiring the protection of a secret key. However, the invention will be described below by way of example with reference primarily to smart cards.
Previously known is a smart card comprising a memory, for example an EEPROM memory, in which a secret key is stored. The secret key is typically composed of a bit string having a length of no less than 64 bits. The smart card also comprises a processor. To confirm its identity, the smart card communicates with an external authentication process, whereby the authentication process feeds to the smart card an input composed of a bit string. The processor of the smart card then retrieves from the memory a secret key, which was stored therein in advance, and the processor then performs a calculation in accordance with a predetermined function using in the calculation the bit string fed to the smart card and the secret key retrieved from the memory. The smart card feeds the result of the calculation, i.e. the response, from its output to the authentication process.
Since the authentication process is aware of the smart card's secret key and of the function the smart card's processor uses, it is able to perform the same calculation as the smart card. If the result of the calculation performed by the authentication process corresponds to the result obtained from the output of the smart card, the identity of the smart card is confirmed, since only one smart card containing said secret key exists, which thus produces said response in response to the input that was fed thereto.
A weakness related to the above known smart card is that there are ways for an attacker to find out the secret key stored in the smart card's memory. One such way is DPA (Differential Power Analysis), in which different inputs are fed to the smart card repeatedly (several thousand times), and the response obtained from the output of the smart card, the power consumed by the smart card during the calculation, and the radiation generated by the smart card during the calculation are simultaneously monitored. By keeping statistics of the input, power consumption, radiation, and response, the attacker can find out the secret key stored in the card's memory. If an attacker finds out the secret key, he is able to for example clone the smart card, i.e. make another smart card in which the same secret key is stored. Such cloning may cause significant harm, for example if said smart card is a person's identity card by which the person can be electronically identified.